Security readout for executives and security teams
Plain-English summary
This flaw affects Cisco Nexus 9000 fabric switches running ACI mode software. A device directly connected to a switch interface could send a malicious LLDP packet that crashes the device or may run code as root. It is not exploitable through normal routed transit traffic.
Executive priority
Prioritize remediation for affected ACI fabric switches because compromise could disrupt core data center networking and may allow root-level execution. Internet-wide exposure is unlikely, but insider, colocated, or mispatched Layer 2 environments can still create meaningful risk.
Technical view
CVE-2019-1901 is a CWE-119 buffer overflow in the LLDP subsystem caused by improper validation of LLDP TLV fields. Exploitation requires adjacent network access to a directly connected interface and no authentication. Cisco lists affected ACI mode releases before 13.2(7f) and any 14.x release.
Likely exposure
Exposure is limited to Cisco Nexus 9000 Series Fabric Switches in ACI mode on affected software. Risk is highest where untrusted systems, shared cabling, labs, or partner-managed devices can connect at Layer 2 to switch interfaces.
Exploitation context
The source bundle reports no CISA KEV listing and provides no evidence of active exploitation. Attackers need adjacency, not Internet reachability. Successful exploitation could cause denial of service or potentially root-level code execution on the switch.
Researcher notes
Validation should focus on product mode, software train, and adjacency model. Do not assess this as remotely exploitable through transit traffic. The bundle does not provide exploit maturity, workaround specifics, or proof of active exploitation.
Mitigation direction
- Inventory Cisco Nexus 9000 ACI mode fabric switches and their software versions.
- Follow Cisco’s advisory and fixed-release guidance before scheduling upgrades.
- Treat releases before 13.2(7f) and any 14.x release as affected per the source bundle.
- Prioritize switches with untrusted or shared directly connected Layer 2 access.
- Restrict unauthorized physical or Layer 2 adjacency where operationally feasible.
Validation and detection
- Confirm whether each Nexus 9000 switch is operating in ACI mode.
- Compare installed software against the affected ranges in the Cisco advisory.
- Identify interfaces with directly connected untrusted, shared, or partner-managed devices.
- Review crash, reload, or LLDP-related telemetry for unusual events.
- Track remediation evidence with device name, version, and advisory reference.
Public sources used
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
CWE-119: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
Open ATT&CK lookupExecution behavior lookup
The CVE wording references code or command execution, so execution technique review may help defensive triage. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
Open ATT&CK lookupCVE-2019-1901 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
Open ATT&CK lookup- Severity
- High
- CVSS
- 8.8 (3.0)
- Known Exploited
- No
- Published
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CNA and ADP enrichment extracted from CVE v5
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
CVSS vector scores
1 official scoreWe collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H2.85.9Primary CVE scoreVulnerability scoring details
Base CVSS 3.0 score
8.8HighVector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source materials
- CVE List V5 sourceCVE List V5
- 20190731 Cisco Nexus 9000 Series ACI Mode Switch Software Link Layer Discovery Protocol Buffer Overflow VulnerabilityCVE reference · vendor-advisory, x_refsource_CISCO
Products and packages named in the record
CWE details
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
